9506 matches found
CVE-2020-35864
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar and read_scalar_at can transmute values without unsafe blocks...
CVE-2020-35864
CVE-2020-35864 affects the Rust implementation of the flatbuffers crate up to 2020-04-11. The root cause is that read_scalar and read_scalar_at can transmute values without using unsafe blocks. The available connected sources confirm this behavior but do not provide explicit remediation steps, af...
CVE-2020-35865
An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. It has false expectations about char::from_u32_unchecked behavior...
CVE-2020-35865
The CVE-2020-35865 entry concerns the os_str_bytes crate for Rust, prior to version 2.0.0, which contains code that relies on the behavior of std::char::from_u32_unchecked. This reliance constitutes false assumptions about the unchecked conversion in char::from_u32_unchecked and is described acro...
CVE-2020-35867
The CVE-2020-35867 issue affects the rusqlite crate for Rust prior to version 0.23.0, where memory safety can be violated via create_module. Multiple sources (including Red Hat, OSV/GHSA advisories) describe memory-safety vulnerabilities in rusqlite before 0.23.0, with issues such as use-after-fr...
CVE-2020-35867
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module...
CVE-2020-35868
CVE-2020-35868 affects the rusqlite crate for Rust prior to 0.23.0. Reported as memory-safety issues such as use-after-free and data races (UnlockNotification, VTab/VTabCursor, Auxdata API, and related paths) that could violate memory safety. The CVE entry is supported by multiple vulnerability r...
CVE-2020-35869
CVE-2020-35869 affects the Rust rusqlite crate prior to 0.23.0. The issue is a memory safety vulnerability caused by rusqlite::trace::log mishandling format strings, with CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9.8). Remediation: upgrade to rusqlite 0.23.0 or later. Current documents d...
CVE-2020-35870
The CVE concerns the rusqlite crate for Rust, pre-0.23.0, where a memory-safety vulnerability exists due to an Auxdata API use-after-free. Reported across multiple trusted sources, this affects the Rust library’s handling of Auxdata and can cause use-after-free conditions. The vendor-facing Red H...
CVE-2020-35871
CVE-2020-35871 concerns the Rust package rusqlite prior to 0.23.0, where memory safety can be violated via a data race in the Auxdata API. Connected sources (RH CVE, OSV advisories, and EU/NVD references) consistently identify data races affecting rusqlite before version 0.23.0, including issues ...
CVE-2020-35872
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type...
CVE-2020-35872
The CVE-2020-35872 entry concerns the rusqlite crate for Rust, before version 0.23.0. The root cause is a memory-safety issue exposed via the repr(Rust) type, which can lead to memory-safety violations. The vulnerability is reflected in high-severity CVSS scores (NVD: CVSS2 7.5; CVSS3.1 9.8) with...
CVE-2020-35873
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free...
CVE-2020-35873
The CVE-2020-35873 entry concerns the rusqlite crate for Rust prior to version 0.23.0. The issue is a memory-safety bug caused by a use-after-free in sessions.rs, leading to potential memory corruption. Public references indicate fixes were released in rusqlite 0.23.0 (see linked release notes) a...
CVE-2020-35874
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free...
CVE-2020-35874
CVE-2020-35874 relates to the Rust internment crate; ArcIntern::drop has a race that can lead to use-after-free. Affected: internment versions before 0.3.12. Impact: potential memory safety issue. Mitigation: upgrade to 0.3.12 or later, as the fix serializes access during deallocation. Othe...
CVE-2020-35875
CVE-2020-35875 affects the Rust crate tokio-rustls (before 0.13.1). The root cause is that tokio-rustls does not call process_new_packets immediately after read, causing wants_read to always return true and allowing data to accumulate in memory when data arrives faster than it is processed. This ...
CVE-2020-35876
The CVE-2020-35876 entry relates to the rio crate (Rust) where leaking a rio::Completion can prevent its drop code from running, enabling access to or dropping of the underlying I/O buffer. This can lead to use-after-free, data races, or leaking secrets. The primary technical details are document...
CVE-2020-35877
CVE-2020-35877 affects the Rust ozone crate (up to version 0.1.0) with memory-safety violations caused by out-of-bounds access. Documents consistently describe an out-of-bounds read/write risk but do not provide concrete exploit details or a stated fixed version. Remediation/fixes are not specifi...